SQLViking - Pillaging Your Data

Explore the world of database exploitation with this conference talk from OWASP AppSec California 2015. Dive into SQLViking, a tool designed to passively capture SQL queries and actively execute arbitrary SQL commands without credentials. Learn how this tool leverages unencrypted database communications to access sensitive information. Discover the tool's two components: 'scout' for passive logging and 'pillage' for active TCP injection attacks. Understand the potential applications of SQLViking in penetration testing, including its use on small devices like Raspberry Pi for physical pentests. Gain insights into the tool's current capabilities, supporting MySQL and SQL Server protocols, and its ongoing development. Join security experts Jonn Callahan and Ken Toler as they discuss the intricacies of database security and the innovative approaches to compromising highly desired network assets.